This repository contains a snapshot of the complete content of the KnotInfo and LinkInfo databases. Each database is provided as a Python list of Python dictionaries. The data are from the corresponding Excel spreadsheets available on the KnotInfo and LinkInfo homepages on the date of release.
Please note that the databases contain columns that are not visible on the web pages (see also the Release Notes 2023.4.8). The validity of the information in such columns cannot be guaranteed. Also, there are plans to remove them in the future.
This repository was created as a part of the SageMath interface to these databases (see the corresponding section of the SageMath reference manual or this tutorial) but can also be used independently.
In Python, it can be used as follows:
>>> from database_knotinfo import link_list
>>> k = link_list()
>>> len(k)
2979
>>> names_k = k[0]
>>> type(names_k)
<type 'dict'>
>>> names_k['braid_index']
'Braid Index'
>>> k2 = k[2]
>>> k2['name']
'3_1'
>>> k2['braid_index']
'2'
>>> k2['homfly_polynomial']
'(2*v^2-v^4)+(v^2)*z^2'
>>> l = link_list(proper_links=True)
>>> len(l)
4189
>>> names_l = l[0]
>>> type(names_l)
<type 'dict'>
>>> names_l['braid_notation']
'Braid Notation'
>>> l2 = l[2]
>>> l2['name']
'L2a1{1}'
>>> l2['homflypt_polynomial']
'v/z-v^3/z + v*z'
To build a new release, the CSV files can be upgraded with the create_knotinfo_csv.py script. A cronjob executes it on the first day of every month and creates a new release if differences are detected.
pip install database_knotinfo
or
pip install database_knotinfo==2021.9.1
if you want to install an earlier version.
Since Release 9.4, the database can be installed in Sage by:
sage -i database_knotinfo
This includes integration with the knot and link functionality of Sage. Sage 9.4 ships the PyPI release 0.7 of the database. To use a more recent one, you have to execute
sage -package update database_knotinfo <version>
before the installation command above, for example:
sage -package update database_knotinfo 2021.9.1
This procedure can also be used to upgrade to the next version. Note, however, that there is a bug in 9.4 concerning such upgrades, which will be fixed in SageMath 9.5 (see Trac ticket #32099). A workaround for 9.4 can be performed in a Sage session as follows:
sage: from sage.databases.knotinfo_db import KnotInfoDataBase
sage: KnotInfoDataBase().reset_filecache()
If you upgrade to a version of the database that is ahead of the version the SageMath release is built on, keep in mind that the examples shown in the Sage reference manual may be outdated.
In case the installation via sage -i is failing on your system you can try:
sage -pip install database_knotinfo
or
sage -pip install database_knotinfo==0.7
for the version compatible with the current Sage release.
Version numbers are automatically generated every month if differences to the original databases are detected. They follow the scheme
<year>.<month>.<day>
If you notice a divergence between this repository and the original data while the current release is older than a month, please create an issue about it.
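When auditing a pinned version of this package, the date-based scheme lets you read the release date straight from the pin. The following is an added example, not code from the repository: the function names, the 31-day reading of "older than a month", and the choice to report non-date versions such as 0.7 as stale are assumptions of this example.

```python
import re
from datetime import date, timedelta

# <year>.<month>.<day>, the scheme the page gives for generated releases.
_CALVER = re.compile(r"^(\d{4})\.(\d{1,2})\.(\d{1,2})$")


def parse_release(version):
    """Return the release date encoded in a version string.

    Returns None for versions that do not follow the date scheme, such
    as the 0.7 release mentioned on the page. Raises ValueError when
    the string has the date shape but is not a real calendar date.
    """
    match = _CALVER.match(version.strip())
    if match is None:
        return None
    year, month, day = (int(part) for part in match.groups())
    return date(year, month, day)  # ValueError on e.g. 2021.13.1


def is_stale(version, today, max_age=timedelta(days=31)):
    """True when a pinned release is older than max_age on `today`.

    The 31-day default is this example's reading of "older than a
    month" (an assumption). Versions without an encoded date are
    always reported as stale, since their age cannot be derived.
    """
    released = parse_release(version)
    if released is None:
        return True
    return today - released > max_age


if __name__ == "__main__":
    today = date(2021, 9, 20)  # constructed reference date
    for pin in ("2021.9.1", "0.7"):
        print(pin, parse_release(pin), is_stale(pin, today))
```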
Many thanks to Chuck Livingston and Allison Moore for making the data available. For further acknowledgments see the corresponding homepages.